Summary
This section contains my security notes, focused on beginner-friendly blue-team learning, SOC concepts, detection basics, and lab documentation.
What You Will Find Here
- SIEM and log analysis notes
- Detection and alerting concepts
- Blue-team references and security fundamentals
- Lab notes on Wazuh, Sysmon, and Zeek
Structure
| Section | What it contains |
|---|---|
| Guides | practical triage and investigation workflows |
| Commands | quick-reference commands used while investigating |
| Concepts | blue-team mental models and detection fundamentals |
Recommended Starting Points
- What a SIEM Does
- Events, Alerts, and Detections
- Log Sources and Telemetry
- False Positives and Tuning
- Basic Alert Triage
- Detection Validation and Rule Tuning Workflow
- Investigation Workflow
- Severity, Escalation, and When To Hand Off
Scope
- Entry-level SOC and security analyst preparation
- Security notes that tie into networking, Linux, and homelab work